Penetration Testing (Pen Testing) Packages
IT Governance’s recurring penetration test packages provide a complete solution for routine security testing of your websites and IT systems. IT Governance is a pioneer in making penetration testing easy to understand and buy. While significant sophisticated skills are required for effective penetration testing, we believe that our customers should be able to quickly understand what they are buying and how much it will cost.
IT Governance penetration tests
Maintain your cyber security – year in and year out!
Save up to 20% with our recurring penetration testing packages.
ITG recurring penetration testing packages
These repeat packages are designed to identify vulnerabilities in your systems, networks and/or applications, and to provide advice and recommendations for any corrective measures required. When a remedial activity has been completed, IT Governance recommends that the original testing is repeated to confirm that the system is now fully secure. Our recurring penetration test packages are offered on a single, biannual or quarterly test basis. Discounts are offered when signing a multi-year penetration test contract with us.
As a CREST member company, IT Governance has been verified as meeting the rigorous standards mandated by CREST. Our clients can rest assured that we offer vulnerability scanning and assessment services of the highest standards. In addition, IT Governance is a CREST-accredited certification body for the Cyber Essentials scheme.
The benefits of IT Governance recurring penetration testing packages:
- A recurring package or contract provides a complete solution for the efficient and routine testing of your IT system.
- A package helps you to lock the price down now and avoid any future price increases.
- You are assured that your networks and applications are secure against cyber attacks.
- Get peace of mind with the knowledge that all your testing requirements have been taken care of for a specific period, helping achieve compliance with the PCI DSS and ISO 27001.
- Many of our solutions are designed to offer smaller organisations a cost-effective method of testing their network's security.
- Regular testing ensures that your networks and applications remain secure over a period of time.
- If you are required to be PCI DSS compliant at Level 1, you are required to conduct BOTH an annual penetration test and quarterly automated scans from an approved scanning vendor (ASV).
- The IT Governance PCI Compliance Penetration Testing package is designed to provide an organisation with all the tests required for compliance for a one-, two- or three-year period, and is offered at a significant discount on the cost of the respective tests.
ISO 27001 and penetration testing
If you are implementing ISO 27001, a penetration test is crucial during these ISMS implementation stages:
- As part of the risk assessment process: uncovering vulnerabilities in any Internet-facing IP addresses, web applications, or internal devices and applications, and linking them to identifiable threats.
- As part of the performance evaluation, ensuring that controls actually work as designed.
- As part of the ongoing continual improvement processes, ensuring that controls continue to work as required.
- Whenever significant changes are made to your network infrastructure.
PCI DSS and penetration testing
Pen testing is an essential element of PCI DSS compliance.
Requirement 11 of the PCI DSS states that “system components, processes, and custom software should be tested frequently to ensure security controls continue to reflect a changing environment.”
PCI DSS testing requirements:
IT Governance provides all of the penetration testing requirements for PCI DSS compliance.
15 reasons to use IT Governance for your penetration testing needs
- We uniquely offer a combination of fixed-price and bespoke penetration testing solutions.
- Our clients benefit from the vast knowledge and deep experience of our penetration testing team.
- We are a CREST member company, which means that clients can rest assured that the work will be carried out to rigorous standards by qualified and knowledgeable individuals.
- Our clients are involved in a detailed consultation session prior to any testing to identify the depth and breadth of the tests required.
- Our penetration tests combine a number of automated vulnerability scans with a range of advanced manual tests by expert in-house penetration testers.
- We apply multiple tools and techniques closely aligned with the Open Source Security Testing Methodology (OSSTM) and OWASP in our penetration tests.
- The technical advice and solutions we provide are vendor-neutral, meaning we work with our clients’ available resources wherever possible.
- Our clients receive comprehensive information security advice based on our extensive expertise in helping companies implement and achieve compliance with ISO 27001 and the PCI DSS (we are a PCI QSA company).
- We can assist our clients with the development of appropriate policies and procedures, staff training, business case development, or the implementation of an information security management system (ISMS).
- Clients receive immediate notification about any critical vulnerabilities identified to let them take action quickly.
- We provide a comprehensive technical report identifying potential vulnerabilities and recommended remedial activities for each vulnerability identified.
- When a remedial activity has been completed, we recommend that the original testing is repeated to ensure that the system is now fully secure.
- An executive summary accompanies the technical report, setting out the identified potential vulnerabilities in order to explain the risks and issues in clear, non-technical terms.
- All of our solutions are designed to offer smaller organisations a cost-effective method of testing their network's security.
- We can offer repeat penetration testing packages, or combined penetration testing and PCI DSS compliance packages at a significant discount.
To book your penetration testing service or to discuss your requirements, please call us now on 00 800 48 484 484 or email servicecentre@itgovernance.asia.